However, the files (C:\Windows\SysWOW64\atmfd.dll and C:\Windows\System32\atmfd.dll) and the relevant registry settings are NOT in the our 2019 image or our resulting builds and the Qualys results sections of vulnerability scans only show the operating system, NOT any files or registry settings found or patches that are missing.

So, Qualys is in agreement with Microsoft’s post and flagging the vulnerability, but at the same time it is not pointing to any vulnerable files, registry settings, or missing patches.

Is Windows Server 2019 really vulnerable? What is the community seeing on Windows Server 2019?